Free and Open Source Software Is Not a “Free for All”: German Court Enforces GPL License Terms

Free and Open Source Software Is Not A “Free For All”: German Court Enforces GPL License Terms

The GNU General Public License, computer programs, and to guarantee version 2 (GPLv2) scores another the same rights to the recipients of court victory for the free and/or open works licensed under the GPLv2. source software (FOSS) community. Although the open-source movement The GPLv2 carries important has been active for nearly two conditions, however, most notably— decades, globally there are only and critical for its viability—that any a handful of cases in which a FOSS distribution of software licensed under license has been reviewed by — let the GPLv2 must be accompanied with alone receive the imprimatur of the “complete corresponding machine- enforceability from — a court. The readable source code” or “a written latest case hails from Germany and offer … to give any third party … a serves to underscore the importance complete machine-readable copy of of proper FOSS-license compliance the corresponding source code”. throughout the software development GPLv2, Sections 3(a) and 3(b). process and supply chain, including During a “Hacking for Compliance the obligation of distributors to Workshop” organized in Berlin in 2012 independently verify FOSS-license by the Free Software Foundation compliance representations from their Europe, the source code package for a suppliers. media player with GNU/Linux-based Welte v. Fantec firmware inside was found not to contain the source code for the Harald Welte, founder of gpl- iptables components. It was also violations.org (a non-profit discovered that the source code for organization aiming at the other device components was not the enforcement of GPL license terms), is same version used to compile the the owner of “netfilter/iptables” firmware’s binary code. (firewalling software for GNU/Linux) which he distributes to the public for The media player at issue was free as open source software under distributed by Fantec GmbH the GPLv2. (FANTEC), a German distributor of consumer electronic goods. Notably, The GPLv2 is the most widely used FANTEC had an earlier run-in with open source license. Its express aim is Welte after it was discovered that to promote developer’s rights to freely FANTEC had failed to fully disclose the use, study, modify and redistribute source code of its GPLv2-licensed

open source software. As part of their manufacturer and distributor, FANTEC 2010 settlement, FANTEC agreed to is responsible for checking its own refrain from future GPLv2 violations products for GPLv2 compliance, either and to pay Welte a contractual penalty directly or by a competent third party, in the event of future non-compliance. regardless of any additional cost.

In 2012, following the discovery at the Accordingly, the court found that hackathon, Welte sent a cease-and- FANTEC violated the terms of the desist letter to FANTEC for its failure GPLv2 because it did not provide the to make available for download a “complete” “corresponding” source complete and current copy of the code as required by the GPLv2, and source code used in connection with therefore had forfeited its right to use its media player. FANTEC complied the GPLv2-licensed iptables software. with the cease-and-desist request but (See GPLv2, Section 4, which refused to pay the contractual penalty. provides, in relevant part, “You may not copy, modify, sublicense, or In the court action Welte brought distribute the Program except as against FANTEC before the District expressly provided under this License. Court of Hamburg, FANTEC raised two Any attempt otherwise to copy, principle arguments: modify, sublicense or distribute the Program is void, and will automatically . FANTEC relied upon the terminate your rights under this representations of its Chinese License.”) supplier, who had guaranteed that the source code was The court therefore ordered FANTEC complete. FANTEC provided for to pay Welte the € 5,100 contractual download the very same source penalty, plus his attorney’s fees and code package that it received expenses in enforcing the GPLv2. from the supplier. Additionally, the court required FANTEC to turn over detailed . FANTEC had investigated information about the media player’s options with third parties for sales to determine the license fees source code analysis and owed. learned that such reviews are not only costly but also there is Practical Takeaways no warranty that the results would be complete or correct. This case serves as an important reminder that the term “open source” On June 14, 2013, in ruling in favor of does not necessarily mean “free of Welte, the court rejected FANTEC’s restrictions.” Companies using free arguments, and held that relying on and/or open source software need to the assurances of a software supplier properly assess and comply with the is not a valid defense. As a underlying FOSS licenses before

rmchale.com 2

commercially exploiting any new software products in which such software is incorporated. As merely passing on binaries from an upstream vendor does not shield one from liability, companies should adopt open source license compliance programs which include thorough audits of any use of FOSS, however acquired.

(A copy of the Welte v. Fantec District Court decision is available in German here.)

If you have any questions about this article, please contact:

Robert McHale, Esq. R | McHale Law 9 West Broadway, Suite 422 Boston, MA 02127 Tel. 617.306.2183 Email: [email protected]

DISCLAIMER: The contents of this publication are not intended, and cannot be considered, as legal advice or opinion. The contents are intended for general informational purposes only, and you are urged to consult an attorney concerning your situation and any specific legal questions you may have.

rmchale.com 3